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1 Ubiquitous WWW: Profiles for the situated web 
Lalitha Suryanarayana, Johan Hjelm 

May 2002 Proceedings of the 11th international conference on World Wide Web 

Full text available: ^ pdf(263.89 KB) Additional Information: full citation , abstract , references , index terms 

The World Wide Web is evolving into a medium that will soon make it possible for 
conceiving and implementing situation-aware services. A situation-aware or situated web 
application is one that renders the user with an experience (content, interaction and 
presentation) that is so tailored to his/her current situation. This requires the facts and 
opinions regarding the context to be communicated to the server by means of a profile, 
which is then applied against the description of the application o ... 



Keywords: CC/PP, XML, profiles, situated-aware applications, vocabulary, web architecture 



2 Session 2: secure Web services: Desi g nin g a distributed access control processor for Q 
network services on the Web 
Reiner Kraft 

November 2002 Proceedings of the 2002 ACM workshop on XML security 

Full text available: ^[pdf(301.14 KB) Additional Information: full citation , abstract , references , index terms 

The service oriented architecture (SOA) is gaining more momentum with the advent of 
network services on the Web. A programmable and machine accessible Web is the vision of 
many,and might represent a step towards the semantic Web. However, security is a crucial 
requirement for the serious usage and adoption of the Web services technology. This paper 
enumerates design goals for an access control model for Web services. It then introduces 
an abstract general model for Web services components, along ... 

Keywords: Web services, XML, access control, security 



3 Access control for mobile agents: The calculus of boxed ambients Q 
Michele Bugliesi, Giuseppe Castagna, Silvia Crafa 

January 2004 ACM Transactions on Programming Languages and Systems (TOPLAS), 

Volume 26 Issue 1 

Full text available: ^ pdf(430.05 KB) Additional Information: full citation , abstract , references , index terms 



http://portal.acm.org/results.cfm?coll=ACM&dl-ACM&CFID=54123633&CF 9/29/05 



Results (page 1): HTTP SOAP firewall agent 



Page 2 of 6 



Boxed Am bients are a variant of Mobile Ambients that result from dropping the open 
capability and introducing new primitives for ambient communication. The new model of 
communication is faithful to the principles of distribution and location-awareness of Mobile 
Ambients, and complements the constructs in and out for mobility with finer-grained 
mechanisms for ambient interaction. We introduce the new calculus, study the impact of 
the new mechanisms for communication of typing and mobility, ... 

Keywords: Ambient calculi, access control systems, mobile computation, type safety, type 
systems 
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Security in mobile agent system: problems and approaches 
Yang Kun, Guo Xin, Liu Dayou 

January 2000 ACM SIGOPS Operating Systems Review, Volume 34 issue l 

Full text available: ^| pdf(554.66 KB) Additional Information: full citation , abstract , references , citings 

Despite its many practical benefits, mobile agent technology results in significant new 
security threats from both malicious agents and hosts. This paper investigates the problems 
and approaches of mobile agent system, which shows that bi-directional and layered 
security model may be a good idea .to resolve the security problems in mobile agent 
systems. Other topics about mobile agent security, such as constrained execution and virus 
detection, are also discussed. 

Keywords: bi-directional security mechanism, layered security mechanism, mobile agents, 
security 



Secure and mobile networkin g | 
Vipul Gupta, Gabriel Montenegro 

December 1998 Mobile Networks and Applications, Volume 3 issue 4 

r- * . •. u. 0 „ /0 no ™ i/d\ Additional Information: full citation , abstract , references , citing s, index 
Full text available: jfj pdf(223.39 KB) 

The IETF Mobile IP protocol is a significant step towards enabling nomadic Internet users. It 
allows a mobile node to maintain and use the same IP address even as it changes its point 
of attachment to the Internet. Mobility implies higher security risks than static operation. 
Portable devices may be stolen or their traffic may, at times, pass through links with 
questionable security characteristics. Most commercial organizations use some combination 
of source-filtering routers, sophisticate ... 

Improvin g Network Operations With Intelligent Agents | 
Nathan J. Muller 

July 1997 International Journal of Network Management, volume 7 issue 3 
Full text available: *g| pdf(314.75 KB ) Additional Information: full citation , abstract , index terms 

Automating network and system management tasks has never been easier, since the 
advent of intelligent agents. This article describes the uses and advantages of intelligent 
agents, to identify and resolve problems locally, instead of dispatching technicians to 
remote locations, which is both expensive and time&hyphen;consuming. © 1997 John Wiley 
& Sons, Ltd. 

A public-key based secure mobile IP 

John Zao, Joshua Gahm, Gregory Troxel, Matthew Condell, Pam Helinek, Nina Yuan, Isidro 
Castineyra, Stephen Kent 

October 1999 Wireless Networks, volume 5 issue 5 
Full text available: Additional Information: 
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8 Research papers: information security and risk management: Classification of 

malicious host threats in mobile agent computin g 
Elmarie Bierman, Elsabe Cloete 

September 2002 Proceedings of the 2002 annual research conference of the South 

African institute of computer scientists and information technologists 
on Enablement through technology SAICSIT '02 

Full text available: ^| pdfd 60.29 KB) Additional Information: full citation , abstract , references , index terms 

Full-scale adoption of mobile agent technology in untrustworthy network environments, 
such as the Internet, has been delayed by several security complexities [Montanari, 2001]. 
Presently, there is a large array of security issues and sub-issues within mobile agent 
computing that makes it tough to distinguish between different types of problems, and 
therefore also interfere with the definition of suitable solutions. Literature addressing the 
full range of problems is limited and mostly discusses ... 

Keywords: computer networks, malicious hosts, mobile agents, security, threats 
classification 



9 Astrolabe: A robust and scalable technolog y for distributed system monitoring, 
management and data mining 

Robbert Van Renesse, Kenneth P. Birman, Werner Vogels 

May 2003 ACM Transactions on Computer Systems (TOCS), volume 21 issue 2 

i- ii x x i ui 0 ^ .^r>\ Additional Information: full citation , abstract , references , citings , index 

Full text available: TO pdf(341 .62 KB ) — ' 

" terms 

Scalable management and self-organizational capabilities are emerging as central 
requirements for a generation of large-scale, highly dynamic, distributed applications. We 
have developed an entirely new distributed information management system called 
Astrolabe. Astrolabe collects large-scale system state, permitting rapid updates and 
providing on-the-fly attribute aggregation. This latter capability permits an application to 
locate a resource, and also offers a scalable way to track sys ... 

Keywords: Aggregation, epidemic protocols, failure detection, gossip, membership, 
publish-subscribe, scalability 



10 A public-key based secure mobile IP Q 
John Zao, Stephen Kent, Joshua Gahm, Gregory Troxel, Matthew Condell, Pam Helinek, Nina 
Yuan, Isidro Castineyra 

September 1997 Proceedings of the 3rd annual ACM/IEEE international conference on 
Mobile computing and networking 

Full text available: ^|pdf(1.95 MB) Additional Information: full citation , references , citings 



11 Verifiable distributed oblivious transfer and mobile agent security Q 
Sheng Zhong, Yang Richard Yang 

September 2003 Proceedings of the 2003 joint workshop on Foundations of mobile 
computing 

Full text available: ^[ pdf(344.93 KB) Additional Information: full citation , abstract , references , index terms 
The mobile agent is a fundamental building block of the mobile computing paradigm. In 
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mobile agent security, oblivious transfer (OT) from a trusted party can be used to protect 
the agent's privacy and the hosts' privacy. In this paper, we introduce a new cryptographic 
primitive called Verifiable Distributed Oblivious Transfer (VDOT) , which allows us to replace 
a single trusted party with a group of threshold trusted servers. The design of VDOT uses 
two novel techniques, consistency ver ... 

Keywords: oblivious transfer, resiliency to corruptions, secure mobile agents and mobile 
code, verifiable secret sharing 



12 Security model for a multi-agent marketplace Q 
Ashutosh Jaiswal, Yongdae Kim, Maria Gini 

September 2003 Proceedings of the 5th international conference on Electronic 
commerce ICEC '03 

Full text available: ^ pdf(258.32 KB) Additional Information: full citation , abstract , references , index terms 

A multi-agent marketplace, MAGNET (Multi AGent Negotiation Testbed), is a promising 
solution to conduct online combinatorial auctions. The trust model of MAGNET is somewhat 
different from other on-line auction systems: the mediated marketplace is a partially- 
trusted third party. In this paper, we identify the security vulnerabilities of MAGNET and 
present a solution that overcomes these weaknesses. Our solution makes use of three 
different existing technologies with other standard cryptographic ... 

Keywords: electronic auctions, multi-agent systems, security 



13 Wireless and mobility: Evaluation of two security schemes for mobile agents LJ 
Igor Sobrado 

April 2001 ACM SIGCOMM Computer Comm unication Review, Volume 31 issue 2 supplement 
Full text available: ^| pdf(2.1Q MB) Additional Information: full citation , abstract , references , index terms 

In this article, we submit and compare two different but complementary approaches to the 
problem of protecting mobile agents in untrusted computing environments. The first 
alternative, a technique for protection of mobile agents built upon an asymmetric 
cryptographic system resistant to conventional cryptoanalysis techniques, is based on the 
application of one-time keys. The second solution, geared towards computing environments 
supporting public-key cryptographic systems, permits ... 

Keywords: assurance, code protection, cryptography, data protection, information 
recovery, integrity of information, keys exchange, mobile agents, secure distributed 
systems 

14 A gent desi g n patterns: elements of agent application design Q 
Yariv Aridor, Danny B. Lange 

May 1998 Proceedings of the second international conference on Autonomous agents 

Full text available: ^ pdf(887.09 KB) Additional Information: full citation , references , citing s, index terms 



Keywords: agent application, agent design pattern, mobile agent, reuse 
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Wiebe K. Wiechers, Semir Daskapan, Willem G. Vree 
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March 2004 Proceedings of the 6th international conference on Electronic commerce 
ICEC '04 

Full text available: ^ pdf(311.16 KB) Additional Information: full citation , abstract , references , index terms 

In this paper we present and simulate a new approach for creating trusted infrastructures 
within multi agent systems. This bootstrapping protocol initializes a disordered space by 
turning it into an organized, redundant hierarchical structure, headed by elected security 
distribution centers with a pool of successors in case of a failure. A simulation was creates 
of the establishment of this hierarchy to judge both the resulting structure and the process 
of creation in a varying environment. Netw ... 

Keywords: secure autonomous voting, security, self-organization, trust management 



16 A Service Scheduler in a Trustworthy System 
Yinong Chen 

April 2004 Proceedings of the 37th annual symposium on Simulation 

Full text available: ^| pdf(278.85 KB ) . Additional Information: full citation , abstract 

The aim of the research is to investigate techniques thatsupport efficient service scheduling 
algorithms in aservice-oriented fault-tolerant real-time distributed system. Techniques we 
developed include deadline- basedreal-time scheduling, priority-based scheduling, 
andredundant resource allocation for fault-tolerance. Thesystem model and scheduling 
algorithms are designed, anda prototype is implemented to facilitate the investigationand 
experimentation. 

Keywords: Scheduling algorithm, resource allocation, distributed system, fault-tolerant 
system 



17 Mesmerize: an open framework for enterprise security mana g ement 
Daniel Bradley, Audun Josang 

January 2004 Proceedings of the second workshop on Australasian information 
security, Data Mining and Web Intelligence, and Software 
Internationalisation - Volume 32 CRPIT '04 

Full text available: ^[ pdf(89.11 KB) Additional Information: full citation , abstract , references 

We have identified five problems that inhibit effective enterprise security management - 
policy divide, lack of reproducibility, lack of consistency, lack of coverage and lack of 
flexibility in current management systems. We discuss these problems and suggest features 
an enterprise security management framework should have to address them. Mesmerize is 
an enterprise security management framework that allows holistic enterprise security policy 
to be interpreted into technology specific directiv ... 

Keywords: enterprise security management, expert system, network security, policy 



18 Operating s ystems security: Attestation-based policy enforcement for remote access 
Reiner Sailer, Trent Jaeger, Xiaolan Zhang, Leendert van Doom 
October 2004 Proceedings of the 11th ACM conference on Computer and 
communications security 

Full text available: ^] pdf(261.52 KB ^ Additional Information: full citation , abstract , references , index terms 

Intranet access has become an essential function for corporate users. At the same time, 
corporation's security administrators have little ability to control access to corporate data 
once it is released to remote clients. At present, no confidentiality or integrity guarantees 
about the remote access clients are made, so it is possible that an attacker may have 
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compromised a client process and is now downloading or modifying corporate data. Even 
though we have corporate-wide access control over ... 

Keywords: remote access, security management, trusted computing 



19 Engineerin g mobile-agent a p plications via context-dependent coordination 
Giacomo Cabri, Letizia Leonardi, Franco Zambonelli 

July 2001 Proceedings of the 23rd International Conference on Software Engineering 

Full text available: TO j>df(1 73.80 KB) Additional Information: full citation , abstract , references , citings, index 



Mobility introduces peculiar coordination problems in agent-based Internet applications. 
First, it suggests the exploitation of an infrastructure based on a multiplicity of local 
interaction spaces. Second, it may require coordination activities to be adapted both to the 
characteristics of the execution environment where they occur and to the needs of the 
application to which the coordinating agents belong. This paper introduces the concept of 
context-dependent coordination based on progra ... 

20 Mobile agent security with the IPEditor development tool and the mobile UNITY 
language 

Yasuyuki Tahara, Akihiko Ohsuga, Shinichi Honiden 

May 2001 Proceedings of the fifth international conference on Autonomous agents 

Full text available: *g| pdf(152.43 KB ) Additional Information: full citation , abstract , references , index terms 

Many people consider that security is one of the biggest problems for practical use of mobile 
agents that move around the network and do their tasks. In this paper, we assert that this 
issue can be effectively managed by using IPEditor, the development support tool of mobile 
multi-agent applications that we have been released, and Mobile UNITY, a formal 
specification language of mobile agent applications. IPEditor helps developers to design 
applications with visual supports of agent behav ... 
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